Malice

joined 1 year ago
12
Paralyzed by indecision (lemmy.dbzer0.com)
submitted 8 months ago* (last edited 8 months ago) by Malice@lemmy.dbzer0.com to c/selfhosted@lemmy.world
 

cross-posted from: https://lemmy.dbzer0.com/post/14381333
(my apologies if cross-posting is frowned upon, just trying to get as much advice as possible! Will remove if it's no good)

Hey, y'all!

Here's the deal:

I have a server I've been running for a couple years, running mostly home automation and NVR stuff (home assistant, node red, frigate, etc). This was my first server and it wasn't set up in the best way possible. On top of that, it's starting to suffer from hardware failure. So I'm replacing it with a retired gaming computer, and I want to do it "right" this time.

So far, I've got it running proxmox with a couple debian VMs (thought process was to have one "primary" one that runs most of everything, and a "network" one that runs network services like nginx, tailscale, etc - I don't know if that separation is actually important or not). I, at some point, want to run pi-hole for sure. I also need a new router, so my thought was to set up opnsense for that. I also want to build a dedicated NAS somewhere down the line, but that's another thread for another time.

I work from home and require stable internet, and I have family that will be very upset if internet is randomly going out from my tinkering with stuff, so I think it's probably best to have totally separate, dedicated hardware for opnsense/pi-hole. I was looking at protectli, but it seems like I'd be looking at at least ~$300 for that option, and I'm not even sure I can run both opnsense and pi-hole on it? I'd also need to get an access point since I'd be replacing my current router that supplies wifi to the house, so I'm looking at like $400 for that transition, which is much more than I'd like to pay for this right now.

I could set everything up without the extra complexity of opnsense/pi-hole and add it down the line, but then I'd be looking at yet another complete re-work of the network and reconfiguring all my automations, cameras, etc., so it feels like it'd definitely be best to just do it up front and get it done. I have access to another old gaming PC I could theoretically set up as a dedicated network box to run opnsense and pi-hole on (after buying a NIC for it), but that seems wildly overkill (it's running an i5 and 32gb RAM, if I remember right), large (full ATX case), and power-hungry for a glorified router. I guess, in this case, I could move my network vm off the "main" server and onto this one, to truly use it as a dedicated network box, running things like opnsense, pi-hole, wireguard/tailscale, nginx, authelia, etc. But then I start getting into the territory of it being too much of a "tinkering" box instead of a stable router that I allow to handle my network and don't screw around with, lol.

So, I seek the advice of you much more experienced homelabbers. I'm terrified to do it "wrong" and wind up having to redo everything over and over, which I know is kind of antithetical to the entire idea of homelabbing in the first place. I need to avoid, as much as possible, unstable internet. In my shoes, what would y'all do? Bite the bullet and go for protectli? Use another old PC for the network box? Just set things up without opnsense/pi-hole for now and go protectli/something else later on and just deal with having to redo everything again?

Thank you so much in advance for any advice!

EDIT: I found a Zotac ZBox CL331 locally for $100 - would that be a good option, do y'all think?

(small aside: if anyone has any advice on moving my entire home assistant instance, node-red, and frigate setups (all separate docker containers) from the old server to the new one, that'd also be greatly appreciated!)

1
Paralyzed by indecision (lemmy.dbzer0.com)
submitted 8 months ago* (last edited 8 months ago) by Malice@lemmy.dbzer0.com to c/homelab@lemmy.ml
 


[–] Malice@lemmy.dbzer0.com 3 points 9 months ago

Heavily leaning this way, thank you for another vote!

[–] Malice@lemmy.dbzer0.com 2 points 9 months ago (1 children)

Their modem is my router; it's both. That's why I need a new one, to do exactly as you're describing (is my understanding, although another post here suggests otherwise).

[–] Malice@lemmy.dbzer0.com 2 points 9 months ago

That is true that the most important part is just to keep the outside... out. I'd love to learn more intricate/advanced network setups and security too. I do work in IT, and knowing this stuff certainly wouldn't be bad on my resume, and I've actually always been interested in learning it regardless. But perhaps you make a good point that I can secure it from the outside and get things functional, and then work on further optimization down the line. Makes things a little less daunting, haha.

[–] Malice@lemmy.dbzer0.com 3 points 9 months ago (4 children)

I sometimes travel for work, as an example, and need to be able to access things to take care of things while I'm away and the girlfriend is home, or when she's with me and someone else is watching the place (I have a dog that needs petsat). I definitely have the time to tinker with it. Patience may be another thing, though, lol.

[–] Malice@lemmy.dbzer0.com 8 points 9 months ago (2 children)

The more replies like this I get, the more I'm inclined to set up a second computer with just TrueNAS and let it do nothing but handle that. I assume that, then, would be usable by the server running proxmox with all its containers and whatnots.

Thank you for the input!

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago (1 children)

Yeah, I'd definitely considered the fact that I can probably just take the GPU out as soon as proxmox is set up. The only thing I'd leave it for is for transcoding, which may or may not be something I even need to/want to bother with.

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago

Huh, this is interesting, I'll have to take another look into this. Thanks for the lead!
And I do have a UPS, and it is, indeed, pretty glorious that my internet, security cameras, and server all stay online for a good bit of time after an outage, and don't even flinch when the power is only out briefly. Convenience and peace of mind. Well worth a UPS.

[–] Malice@lemmy.dbzer0.com 3 points 9 months ago (2 children)

I like the advice to use a VM for anything specifically touching hardware. I think I'll run with that. Thank you! External access is tricky, I know, and doing it securely and safely is really paramount for me. This is the one thing that's keeping me from just "jumping in" with things. I don't want to mess that part up.

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago

I am running HA in a container, so that's not an option, unfortunately. If I'm being honest, though, it's probably not a bad idea to start fresh with HA and re-import individual automations one-by-one, because HA has a lot of "slop" leftover from when I was first learning it and playing around with it.

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago (6 children)

You make a very good argument for Tailscale, and I think I'll definitely be looking deeper into that.

I like your suggestion to map out functional requirements, and then go from there. I think I'll go ahead and start working on a decent map for that.

As far as the new router for pi-hole... my super-great, wonderful, most awesome ISP (I hope the sarcasm is evident, haha; the provider is AT&T) dictates that I use their specific modem/router (not optional), and they also do not allow me to change DHCP on that mandated hardware. So my best option, so far as I've seen, is to use the ISP's box in pass-through with a better router behind it that I can actually set up to use pi-hole.

Thank you for your thoughts and suggestions! I'm going to take a deeper look at Tailscale and get started properly mapping high-level needs/wants out, with options for each.

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago

I'll take a look at that one as well, thank you!

[–] Malice@lemmy.dbzer0.com 1 points 9 months ago (3 children)

I'd planned on using the GPU for things like video transcoding (which I know it's probably way overkill for). Perhaps something like stable diffusion to play around with down the line? I'm not entirely sure. I do know that, since the CPU isn't a G series, it'll need to be plugged in at least if/when I need to put a monitor on it. Laziness suggests I'll likely just end up leaving it in there, lol. As far as the dh-15, yeah, that's outrageously overkill, I know, and I may very well slap the stock cooler on it and sell the dh-15.

Thank you!

 

Y'all, this is gonna be super broad, and I apologize for that, but I'm pretty new to all this and am looking for advice and guidance because I'm pretty overwhelmed at the moment. Any help is very, very appreciated.

For the last ~3 years, I've been running a basic home server on an old computer. Right now, it is hosting HomeAssistant, Frigate NVR, their various dependencies, and other things I use (such as zigbee2mqtt, zwave-js-ui, node-red, mosquitto, vscode, etc).

This old server has been my "learning playground" for the last few years, as it was my very first home server and my first foray into linux. That said, it's obviously got some shortcomings in terms of basic setup (it's probably not secure, it's definitely messy, some things don't work as I'd like, etc). It's currently on its way out (the motherboard is slowly kicking the bucket on me), so it's time to replace it, and I kind of want to start over (not completely - I've hundreds of automations in home assistant and node-red, for instance, that I don't want to have to completely re-write, so I intend to export/import those as needed) and do it "right" this time - at this point, I think this is where I'm hung up, paralyzed by a fear of doing it "wrong" and winding up with an inefficient, insecure mess.

The new server, I want to be much more robust in terms of capability, and I have a handful of things I'd really love to do: pi-hole (though I need to buy a new router for this, so that has to come later on unless it'd save a bunch of headache doing it from the get-go), NAS, media server (plex/jellyfin), *arr stuff, as well as plenty of new things I'd love to self-host like Trilium notes, Tandoor or Mealie, Grocy, backups of local PCs/phones/etc (nextcloud?)... obviously this part is impossible to completely cover, but I suspect the hardware (list below) should be capable?

I would love to put all my security cameras on their own subnet or vlan or something to keep them more secure.

I need everything to be fully but securely accessible from outside the network. I've recently set up nginx for this on my current server and it works well, though I probably didn't do it 100% "right." Is something like Tailscale something I should look to use in conjunction with that? In place of? Not at all?

I've also looked at something like Authelia for SSO, which would probably be convenient but also probably isn't entirely necessary.

Currently considering Proxmox, but then again, TrueNAS would be helpful for the storage aspect of all this. Can/should you run TrueNAS inside Proxmox? Should I be looking elsewhere entirely?

Here's the hardware for the recently-retired gaming PC I'll be using:
https://pcpartpicker.com/list/chV3jH
Also various SSDs and HDDs.

I'm in this weird place where I don't have too much room to play around because I want to get all my home automation and security stuff back up as quickly as possible, but I don't want to screw this all up.

Again, any help/advice/input at all is super, super appreciated.
